General

  • Target

    a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe

  • Size

    45KB

  • Sample

    240518-g6yq3sff71

  • MD5

    a2a4e83e35f7cafbc1c73fd179737e80

  • SHA1

    94f0660549221c8bf48184ea39324ece80053935

  • SHA256

    5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396

  • SHA512

    426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052

  • SSDEEP

    768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

damizk.ddns.net

Mutex

Xeno_rat_ndsszcv

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    7628

  • startup_name

    nothingset

Targets

    • Target

      a2a4e83e35f7cafbc1c73fd179737e80_NeikiAnalytics.exe

    • Size

      45KB

    • MD5

      a2a4e83e35f7cafbc1c73fd179737e80

    • SHA1

      94f0660549221c8bf48184ea39324ece80053935

    • SHA256

      5244f2ca07b186c6bd6c0ac80a5c8db94bb49ebfc920ce6b2c73e23568aff396

    • SHA512

      426211ae1ee5f20f338613bc3c83afe51481110cc7f6d4fd32b869cdc5f927c831e4596de4ff60c905bc33e314ef8f64896df0681e4b4c380f34c61504ba8052

    • SSDEEP

      768:VdhO/poiiUcjlJIniwzH9Xqk5nWEZ5SbTDahWI7CPW5z:rw+jjgniyH9XqcnW85SbToWI7

    Score
    10/10
    • Detects XenoRAT malware

      XenoRAT is an open-source remote access tool (RAT) developed in C#.

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks